kernel-packages team mailing list archive

Thread
Date

[Bug 1379020] Re: lacks seccomp-tsync support

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Kees Cook <kees@xxxxxxxxxx>
Date: Wed, 08 Oct 2014 20:40:02 -0000
Reply-to: Bug 1379020 <1379020@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

2014-08-11	seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock
2014-07-18	seccomp: implement SECCOMP_FILTER_FLAG_TSYNC
2014-07-18	seccomp: allow mode setting across threads
2014-07-18	seccomp: introduce writer locking
2014-07-18	seccomp: split filter prep from check and apply
2014-07-18	sched: move no_new_privs into new atomic flags
2014-07-18	MIPS: add seccomp syscall
2014-07-18	ARM: add seccomp syscall
2014-07-18	seccomp: add "seccomp" syscall
2014-07-18	seccomp: split mode setting routines
2014-07-18	seccomp: extract check/assign mode helpers
2014-07-18	seccomp: create internal mode-setting function

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1379020

Title:
  lacks seccomp-tsync support

Status in “linux” package in Ubuntu:
  Incomplete
Status in “linux” source package in Trusty:
  Incomplete

Bug description:
  For Chrome (and other seccomp users like LXC), the thread-sync
  features for seccomp would provide better process isolation. The
  feature landed in kernel 3.17, and is relatively easy to back-port.
  The upstream seccomp regression tests can be used to verify both the
  new features and the old API, to prove there were no regressions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1379020/+subscriptions

References

[Bug 1379020] [NEW] lacks seccomp-tsync support
From: Kees Cook, 2014-10-08